
HANDY-AD-LDAP-QUERY



Locked Out Users

(&(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295)))))


Dial In Access
(&(&(&(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)))))


Disabled User Accounts

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))


No Expiring Accounts (password set to never expire)

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))


Active Accounts

(&(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))

 
Hidden Mailboxes

(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

 
Windows 2000 SP4

(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))

 
Windows XP SP3

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))

 
Vista SP1 Machines

(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))


Windows 7 SP1

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows 7*)(operatingSystemServicePack=Service Pack 1))))))))


Windows 8

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows 8*))))))))

 
All Workstations

(sAMAccountType=805306369) or (objectCategory=computer)

All computer accounts which are disabled:

    (&(objectClass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

Returns odd computers if their NetBIOS names end with these letters

    (|(name=*zz)(name=*zy)(name=*xzy))


All non Windows 2000 Workstations

(&(sAMAccountType=805306369)(!(operatingSystem=Windows 2000 Professional)))

2003 Servers Non-DCs

(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))


2008 Servers Non-DCs

(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*)))
 


2003 Servers - DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))


2008 Servers - DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2008*))))

2012 Servers - DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2012*))))


Server 2008

(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))

Server 2012

(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2012*))))

Commonly used Active Directory attributes for computer accounts:

LDAP Attribute                Remark
description                   Computer description (in AD)
distinguishedName             DN: OU location of the computer account can be read from here. No wildcard matching possible!
dNSHostName                   FQDN
location                      Location field
memberOf                      Groups the computer account is a member of. No wildcard matching possible!
name                          Netbios computer name
operatingSystem               e.g. Windows Server 2003
operatingSystemServicePack    e.g. Service Pack 1
operatingSystemVersion        e.g. 5.2 (3790)
primaryGroupID                515: Computers; 516: Domain Controllers
sAMAccountName                Computer account name (name$)
sAMAccountType                always 805306369 (computer account)
servicePrincipalName          list of registered SPNs

